researchers poking around for ways to exploit some of the latest flaws.


MS08-006, which Microsoft rated "important," addressed local and remote flaws in IIS that attackers could exploit to hijack a targeted machine. It affects Internet Information Services 5.0 on Windows 2000; Internet Information Services 5.1 on Windows XP; Internet Information Server 6.0 on Windows Server 2003; and Internet Information Services 7.0 on Windows Vista. In the "mitigating factors" section of the bulletin, Microsoft said that on supported editions of Windows Server 2003, if IIS is enabled and classic ASP is used, an attacker who successfully exploits the flaw can only obtain Network Service account privileges by default.

That statement is not entirely accurate, said Cesar Cerrudo, founder and owner of Argeniss Information Security.

"Microsoft should not mention as a mitigating factor that code execution is limited to Network Service account since it's known that it's easy to elevate privileges from Network Service to Local System account, and that allows full system compromise," he said, adding that he has personally discovered "many issues" in Windows XP, 2003, Vista and 2008 that allow elevation of privileges from the Network Service account to the Local System account.

In his opinion, Microsoft wrongly downplayed the ability for someone to elevate privileges from the Network Service account to the Local System account, and IT shops need to be aware of the heightened risks they face, even though the flaw was not deemed critical by Microsoft.

Andrey Kolishchak, chief technology officer and cofounder of GentleSecurity, shared that view in an email exchange, saying the privileges of Network Service could be elevated to Local System, which is the most powerful administrative account on Windows.

"With the power of Local System, an attacker could fully compromise an IIS host by installing a backdoor, rootkit or by using it as a trampoline to attack other hosts on the internal network," he said. What's more, he said, the issue outlined in MS08-006 is not just related to IIS. For example, he said, "the same problem would appear if an exploited vulnerability would be found one day in SQL server. The exploit would be able to elevate any non-privileged SQL server account up to Local System."

Meanwhile, Moore and others are finding ways to exploit the WebDAV Mini-Redirector flaw outlined in MS08-007. Moore explored how the flaw could potentially be targeted in an article titled "Fun with WebDav," complete with a video demonstration.

Microsoft noted in its critical MS08-007 bulletin that attackers could exploit a flaw in the Windows WebDAV Mini-Redirector to hijack targeted machines and install programs; view, change, or delete data; or create new accounts with full user rights.

A researcher using the nickname "chujwamwdupe" posted an advisory on the Milw0rm site, saying, "A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by [a] remote attacker to take complete control of an affected system. This issue is due to [a] stack overflow error in [a] function that read [sections] from [a] WPS file. When we change size of for example TEXT section to [a] number [larger] than 0x10, [a] stack overflow occurs -- very easy to exploit."
